Re: Postfix sends bounce messages to bogus From-address?

From: Alan Kennington (ak.postfix@topology.org)
Date: Thu Mar 06 2003 - 06:50:40 CST


On Thu, Mar 06, 2003 at 12:39:57PM +0000, Simon White wrote:
> 06-Mar-03 at 22:49, Alan Kennington (ak.postfix@topology.org) wrote:
[...]
> > I get this sort of thing:
> >
> > A = my mail server (Postfix)
> > B = bad guy (SMTP client)
> > C = innocent victim e-mail address
> >
> > Host B sends mail to A with false From-address = C.
> > Host A bounces the mail to C.
> >
> > When I used sendmail, I'm sure that A bounced the mail back to
> > the SMTP client B.
> > Surely the bad guy should get the bounced mail, not the innocent victim!
>
> Logs. Config. Please.
>
> --

Okay. Here is a log excerpt:

====================================================================
Mar 6 16:47:00 dog postfix/smtpd[2028]: connect from unknown[212.72.55.184]
Mar 6 16:47:10 dog postfix/smtpd[2028]: 496484C483: client=unknown[212.72.55.184]
Mar 6 16:47:23 dog postfix/cleanup[2030]: 496484C483: message-id=<00005a6a3168$000044a7$00004306@k0.k2.t.u-tokyo.ac.jp>
Mar 6 16:47:23 dog postfix/qmgr[24587]: 496484C483: from=<M.Washington@uwasa.fi>, size=2739, nrcpt=1 (queue active)
Mar 6 16:47:23 dog postfix/smtpd[2033]: connect from dog.topology.org[203.38.148.51]
Mar 6 16:47:23 dog postfix/smtp[2032]: warning: host dog.topology.org[203.38.148.51] greeted me with my own hostname dog.topology.org
Mar 6 16:47:23 dog postfix/smtp[2032]: warning: host dog.topology.org[203.38.148.51] replied to HELO/EHLO with my own hostname dog.topology.org
Mar 6 16:47:23 dog postfix/smtp[2032]: 496484C483: to=<20000608225624.a6115@dog.topology.org>, relay=dog.topology.org[203.38.148.51], delay=13, status=bounced (mail for dog.topology.org loops back to myself)
Mar 6 16:47:23 dog postfix/smtpd[2033]: lost connection after EHLO from dog.topology.org[203.38.148.51]
Mar 6 16:47:23 dog postfix/smtpd[2033]: disconnect from dog.topology.org[203.38.148.51]
Mar 6 16:47:23 dog postfix/cleanup[2030]: A4E778A3DD: message-id=<20030306061723.A4E778A3DD@dog.topology.org>
Mar 6 16:47:23 dog postfix/qmgr[24587]: A4E778A3DD: from=<>, size=4378, nrcpt=1 (queue active)
Mar 6 16:47:29 dog postfix/smtpd[2028]: disconnect from unknown[212.72.55.184]
Mar 6 16:47:34 dog postfix/smtp[2036]: A4E778A3DD: to=<M.Washington@uwasa.fi>, relay=jess.uwasa.fi[193.166.120.38], delay=11, status=sent (250 2.0.0 h266HTh31263 Message accepted for delivery)
====================================================================

Here I have:

A = dog.topology.org
B = 212.72.55.184
C = M.Washington@uwasa.fi

Here's how I think my configuration was at the time.
(I've made some tiny changes since then, but I've tried to reverse those.)

====================================================================
root@dog# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, $mydomain
mydomain = topology.org
myhostname = dog.topology.org
mynetworks = 203.38.148.48/28, 203.48.2.128/27, 127.0.0.0/8
myorigin = topology.org
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
====================================================================

Cheers,
Alan Kennington.

--------------------------------------------------------------------
    name: Dr. Alan Kennington
 website: http://www.topology.org/
    city: Adelaide, South Australia
  coords: 138.59 E, 34.88 S
timezone: UTC+1030 http://www.topology.org/site/timezone.html
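The log above shows the classic backscatter pattern: the message from the external client B was accepted (queue ID 496484C483), its delivery failed after acceptance, and Postfix then generated a null-sender (from=<>) non-delivery report (A4E778A3DD) and delivered it to the envelope sender, which B had forged as C. Once a message has been accepted, the only address an MTA has to report failure to is the envelope sender, so the practical defence is to reject unknown recipients during the SMTP conversation, where the 5xx goes straight back to the connecting client. The script below is an added example, not code from the original post or from Postfix: it parses log records in the format shown above and flags accepted-then-bounced messages from clients outside mynetworks that were followed by a null-sender delivery to the same forged sender. The sample log is the excerpt from the post, re-joined into one record per line with the '@' signs restored; the mynetworks list is the one from the postconf output; the function names and the output record layout are my own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: the log excerpt from the post, one record per line.
SAMPLE_LOG = """\
Mar 6 16:47:00 dog postfix/smtpd[2028]: connect from unknown[212.72.55.184]
Mar 6 16:47:10 dog postfix/smtpd[2028]: 496484C483: client=unknown[212.72.55.184]
Mar 6 16:47:23 dog postfix/cleanup[2030]: 496484C483: message-id=<00005a6a3168$000044a7$00004306@k0.k2.t.u-tokyo.ac.jp>
Mar 6 16:47:23 dog postfix/qmgr[24587]: 496484C483: from=<M.Washington@uwasa.fi>, size=2739, nrcpt=1 (queue active)
Mar 6 16:47:23 dog postfix/smtpd[2033]: connect from dog.topology.org[203.38.148.51]
Mar 6 16:47:23 dog postfix/smtp[2032]: warning: host dog.topology.org[203.38.148.51] greeted me with my own hostname dog.topology.org
Mar 6 16:47:23 dog postfix/smtp[2032]: warning: host dog.topology.org[203.38.148.51] replied to HELO/EHLO with my own hostname dog.topology.org
Mar 6 16:47:23 dog postfix/smtp[2032]: 496484C483: to=<20000608225624.a6115@dog.topology.org>, relay=dog.topology.org[203.38.148.51], delay=13, status=bounced (mail for dog.topology.org loops back to myself)
Mar 6 16:47:23 dog postfix/smtpd[2033]: lost connection after EHLO from dog.topology.org[203.38.148.51]
Mar 6 16:47:23 dog postfix/smtpd[2033]: disconnect from dog.topology.org[203.38.148.51]
Mar 6 16:47:23 dog postfix/cleanup[2030]: A4E778A3DD: message-id=<20030306061723.A4E778A3DD@dog.topology.org>
Mar 6 16:47:23 dog postfix/qmgr[24587]: A4E778A3DD: from=<>, size=4378, nrcpt=1 (queue active)
Mar 6 16:47:29 dog postfix/smtpd[2028]: disconnect from unknown[212.72.55.184]
Mar 6 16:47:34 dog postfix/smtp[2036]: A4E778A3DD: to=<M.Washington@uwasa.fi>, relay=jess.uwasa.fi[193.166.120.38], delay=11, status=sent (250 2.0.0 h266HTh31263 Message accepted for delivery)
"""

# mynetworks as listed in the postconf -n output from the post.
MYNETWORKS = ["203.38.148.48/28", "203.48.2.128/27", "127.0.0.0/8"]

QID = r"(?P<qid>[0-9A-F]{6,})"
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: " + QID + r": client=(?P<client>\S+)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: " + QID + r": from=<(?P<sender>[^>]*)>")
TO_RE = re.compile(r"postfix/(?:smtp|local|virtual)\[\d+\]: " + QID
                   + r": to=<(?P<rcpt>[^>]*)>.*?status=(?P<status>\w+)")
IP_RE = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\]")


def parse_log(text):
    """Group, per queue ID, the facts needed here: the submitting SMTP client,
    the envelope sender, and each delivery attempt (recipient, status, order)."""
    msgs = defaultdict(lambda: {"client": None, "sender": None, "deliveries": []})
    for n, line in enumerate(text.splitlines()):
        if m := CLIENT_RE.search(line):
            msgs[m["qid"]]["client"] = m["client"]
        elif m := FROM_RE.search(line):
            msgs[m["qid"]]["sender"] = m["sender"]
        elif m := TO_RE.search(line):
            msgs[m["qid"]]["deliveries"].append(
                {"rcpt": m["rcpt"], "status": m["status"], "seq": n})
    return dict(msgs)


def is_external(client, mynetworks=MYNETWORKS):
    """True if the client string (e.g. 'unknown[212.72.55.184]') carries an IP
    outside mynetworks, i.e. an untrusted SMTP client. Messages with no
    smtpd client record (local pickup, internally generated bounces) are not
    external."""
    m = IP_RE.search(client or "")
    if not m:
        return False
    ip = ipaddress.ip_address(m["ip"])
    return not any(ip in ipaddress.ip_network(n, strict=False) for n in mynetworks)


def find_backscatter(msgs, mynetworks=MYNETWORKS):
    """Return one record per suspected backscatter event: a message accepted
    from an external client whose delivery bounced after acceptance, followed
    by a null-sender (<>) message delivered to that message's envelope sender.
    Correlation is by sender address and log order, since these log lines do
    not name the parent queue ID of a bounce."""
    events = []
    for qid, msg in msgs.items():
        if not is_external(msg["client"], mynetworks) or not msg["sender"]:
            continue
        bounced = [d for d in msg["deliveries"] if d["status"] == "bounced"]
        if not bounced:
            continue
        for bqid, bounce in msgs.items():
            if bounce["sender"] != "":          # only null-sender messages
                continue
            for d in bounce["deliveries"]:
                if (d["rcpt"] == msg["sender"] and d["status"] == "sent"
                        and d["seq"] > bounced[0]["seq"]):
                    events.append({"accepted_qid": qid, "bounce_qid": bqid,
                                   "attacker": IP_RE.search(msg["client"])["ip"],
                                   "victim": msg["sender"],
                                   "rejected_rcpt": bounced[0]["rcpt"]})
    return events


if __name__ == "__main__":
    for event in find_backscatter(parse_log(SAMPLE_LOG)):
        print(event)
```

Run against the excerpt it reports one event: 496484C483 from 212.72.55.184 with forged sender M.Washington@uwasa.fi, rejected recipient 20000608225624.a6115@dog.topology.org, and the bounce A4E778A3DD that went to the victim. A non-zero event count from a day's mail.log is the signal that recipients are being accepted at SMTP time and rejected afterwards, which is what invites this abuse.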